The Broken System for Reviewing Foreign Investment in Our Vital Infrastructure

by R.K. Joyad
Published on February 24th, 2006

Summary: The problem with the current system for reviewing foreign investments is that Exon-Florio decisions (under which the President may suspend certain foreign acquisitions, mergers or takeovers deemed to threaten national security) are made by an entity, CFIUS, that is not in the national security or threat assessment business. CFIUS is instead established for an entirely different purpose, led by a component, the Treasury Department, that lives to promote an open U.S. investment policy. Other government components involved in the Exon-Florio process who may be better versed in national security risk assessment -- like Defense and Homeland Security -- are outnumbered and outranked, particularly given the tight time frame that limits their ability to gather and analyze intelligence and to marshal support for their viewpoints. Moreover, CFIUS customs provide a means for intelligence targets to learn they are under investigation before they would otherwise learn that fact. The culture of "getting to 'Yes'" seems to engender this cavalier view of protecting sensitive secrets. The CFIUS process, as currently practiced, places sensitive national security questions squarely where they do not belong: in direct negotiations by the United States with private lawyers representing foreign interests. The United States should consider replacing CFIUS with another, more security-focused inter-agency group to handle these issues in the post-9/11 world. That action, by itself, would go a long way towards solving the real inadequacy identified by GAO and highlighted by the recent UAE port debacle.

Whatever one thinks about the decision to allow the transfer of operational authority over several American shipping ports to a company owned by the United Arab Emirates, one has to acknowledge that the process is in serious need of fixing. We now know that neither President Bush nor his senior national security advisors -- including Secretary of Defense Rumsfeld and Homeland Security Secretary Chertoff -- had been notified of the deal until after it had already been formally approved by the US government, by which time hell had broken loose. How is this possible?

Although this question is not easily answered by those uninvolved in the inner workings of the highly secretive Committee for Foreign Investment in the United States (CFIUS), which conducted the review and gave the approval, we can gain insight by considering a little-noticed government report on CFIUS that preceded the UAE port decision by several months. The Government Accountability Office (GAO) a few months ago issued a report, entitled "Exon-Florio May Have Limited Effectiveness in Protecting U.S. National Security." (The Exon-Florio Act is the 1988 statute that permits the President to prevent financial transactions and mergers with foreign entities that could jeopardize national security.) The Report suggests a broken system, although it does not go so far as to identify the cause. For that, we need to consider the implications of the GAO findings, in combination with some other legal commentary by persons who have had occasion to be involved in the CFIUS process and other legal doctrines in the national security area. The result of this examination - which is detailed in this paper - is, in some ways, good news for those concerned about our ability to protect our vital national infrastructure from the malevolence (or caprice) of foreign powers. The CFIUS process may be broken, but it is not because of the underlying statute. The problem is more benign, something that is not uncommon in the Federal Government: bad culture. Why is this good news? Culture is not immutable, and can be altered by effective management. The solution for what ails us here does not require an act of Congress. It is merely a matter of recognizing the problem, and having the political will to redress it.

The problem with our system for reviewing foreign investments is that Exon-Florio decisions are made not by an entity in the national security or threat assessment business, but instead by a committee established for an entirely different purpose, led by a component that lives to promote cross-border commerce. CFIUS was established in 1975 to coordinate U.S. policy on foreign investment here. It is not a creature of Exon-Florio. The United States should consider replacing CFIUS with another inter-agency group to handle these issues in the post-9/11 world. That action, by itself, would go a long way towards solving the real inadequacy identified by GAO and highlighted by the recent UAE port debacle.

The Concept of "Threat to National Security"

The GAO's main conclusion is that CFIUS' implementation of Exon-Florio limits its effectiveness, because Treasury (which chairs CFIUS) narrowly defines what constitutes a "threat to national security."[1] If one looks at how this concept is treated in other contexts, the GAO's conclusion is supported.

Within Exon-Florio, "threat to national security" is the factor that determines whether the President may suspend certain foreign acquisitions, mergers, or takeovers involving U.S. companies. Mergers that result in a controlling interest that threatens national security are subject to the President's prerogative to void. According to the GAO, because the Exon-Florio implementers interpret this term narrowly, the statute does not receive its full expression. The GAO attributes this phenomenon to the fact that the staff that supports CFIUS - the Department of Treasury Office of International Investment - is also responsible for promoting open U.S. investment policy. This makes CFIUS loath to interfere with proposed mergers. If the GAO is right, this is probably what happened in the UAE port case.

The GAO's conclusions are borne out by the statistics. As of early February 2005, CFIUS had received more than 1,520 notifications of transactions potentially covered by Exon-Florio. Out of all of the notified transactions, CFIUS has undertaken 45-day investigations of only 24. Of those 24, only one (1) has resulted in the President exercising his authority to suspend or prohibit the transaction.

Is CFIUS oriented too much in favor of foreign acquisitions? To answer this question, one need look no further than the views expressed by those who have represented corporate interests in CFIUS controversies. In the February 2005 edition of the journal M & A Lawyer, private lawyer Ronald D. Lee has this advice for those who find themselves dealing with the government in CFIUS proceedings. He tells his fellow corporate lawyers:

Be prepared to respond promptly to CFIUS requests for information, to address CFIUS concerns, and to negotiate during the 30-day review and, if it gets that far, the 45-day investigation. If CFIUS has concerns about a transaction, the parties will, willingly or grudgingly, sooner or later, find themselves in a dialogue with CFIUS. At times, the conversations may involve clarifications, exchanges of information, expressions of positions, and strong advocacy; but at some point in the CFIUS review process, particularly as the end of the investigation period draws near, the paramount question becomes, as it often does in M&A work, "What is it going to take to get this deal done?" Reaching the answer to that question may require hard choices about steps that the parties can take and commitments the parties can offer to address, mitigate, or eliminate CFIUS's concerns.[2]

This is very telling. Private advisors view the CFIUS process as one involving negotiating solutions on behalf of their foreign clients. Even where a proposed foreign acquisition reaches the 45-day investigation phase (which is, as the GAO notes, a rare occurrence), the end of that period is marked by a desire by both sides to "get the deal done." The implication is clear: in the mind of lawyers who have come in contact with it, CFIUS views itself as a vehicle to get to yes, as if the United States is a party to the corporate transaction. The role as responsible sovereign guarding against corporate acquisitions deleterious to national security is apparently abrogated.

This dynamic is a manifestation of another shortcoming of the CFIUS process: the inexplicable practice of notifying investigative targets that the United States is monitoring their activity. As the GAO notes, "When a member agency becomes aware of an acquisition that may be subject to Exon-Florio, the agency informs Treasury, and Treasury contacts the companies to encourage them to officially notify the Committee of the acquisition to begin the review." (emphasis added).

This conclusion is somewhat frightening. Where an anticipated foreign acquisition implicates persons or entities that are of interest to the U.S. intelligence community, the Treasury Department notifies private parties of the fact of this interest. By law, CFIUS is not permitted to disclose to the public information or documentary material submitted by the parties to a transaction, and CFIUS does not disclose information about its own deliberations or concerns. This protection, while perhaps understandable, overlooks a far worse type of disclosure in national security investigations - to the investigative subject itself, or at least to parties that are sufficiently linked to the subject for Exon-Florio scrutiny. Outside of the CFIUS process, targets of national security investigations are rarely aware of the fact that they are being examined, since this jeopardizes sources and methods. When they are, it is only after there has been a reasoned judgment that the investigation has reached a stage where it should be "overt" (i.e. the targets being made aware of the investigative interest in their activities). Inexplicably, CFIUS customs provide a means for intelligence targets to learn they are under investigation before they would otherwise learn that fact. The culture of "getting to yes" seems to entail this cavalier view of protecting sensitive secrets.

Although unstated in the GAO report, the narrow interpretation of "threat to national security" goes directly against how this term is used in other contexts, as well as the philosophical underpinning of other U.S. national security initiatives. Two come to mind: (1) terrorist financing, and (2) export control.

In terrorist financing, the United States has adopted an economic embargo model that we have come to use against rogue states: certain groups and individuals are treated like pariahs. This is triggered by their inclusion on terrorist lists, which has the effect of making it illegal for Americans to engage in any financial transactions with them, much like Americans are prohibited from economic activity with embargoed nations. The two most important terrorist lists for this "private embargo" model are the lists of "foreign terrorist organizations" (FTOs) and "specially designated global terrorists" (SDGTs).

For a particular organization to be included on the FTOs list, the Secretary of State must find that (1) the organization is a foreign organization; (2) the organization engages in terrorist activity, or retains the capability and intent to engage in terrorist activity or terrorism; and (3) the terrorist activity or terrorism of the organization threatens the security of United States nationals or the national security of the United States. 8 U.S.C. § 1189. With regard to the third prong, the statute does not provide any clarification of what would constitute activity that "threatens the national security of the United States." However, the United States interprets this term more widely than activity directed against U.S. persons and institutions. For example, where the United States is involved in the implementation of a peace process, we view any terrorist activity directed against the parties to be a threat to U.S. national security, even if the terrorism does not target Americans. For this reason, there are several FTOs that have never directed their attacks against U.S. nationals or interests.

There is a second lesson of the terrorist financing program and of the private embargo model that illustrates another shortcoming of CFIUS' implementation of Exon-Florio. The list-making approach to terrorist financing means that the government's investigative focus is on persons in the U.S. who are secretly acting on behalf of designated entities or individuals. Armed with admissible proof of this activity, prosecutors can seek their indictment at the appropriate time. When this occurs, individual defendants cannot claim that they did not intend to further the terrorist goals of the recipient organization, nor that their particular conduct did not jeopardize national security. This decision has already been made by the designation process. In other words, our terrorist financing laws enforce a complete and total embargo of certain entities, without the need to determine whether the particular financial conduct specifically jeopardizes U.S. national security.

Contrast this with how CFIUS implements Exon-Florio, where a foreign acquisition involves someone who we believe may be associated with a designated terrorist organization. The CFIUS analysis will depend on whether the controlling interest resulting from the acquisition will be able to act in a way that jeopardizes U.S. security interests (through its control, for example of vital infrastructure and access to defense information), not whether the individuals involved in the transactions may have terrorist ties. The standard seems anomalous where U.S. criminal laws prohibit any form of material support from being provided to terrorist organizations. It creates a situation where the United States accedes to an arrangement where FTOs have a lucrative U.S. source of funding based on the finding that a particular merger does not threaten U.S. national security, irrespective of the fact that it is illegal for the FTO to obtain funding from sources within the U.S.

This point (along with some other problematic CFIUS customs, described above) can be illustrated by the following scenario:

A foreign investment group announces its plans to purchase a U.S. pharmaceutical company. The investor group is led by a foreign national living in the U.S. who is the subject of an FBI intelligence investigation, based on suspicions that he is employed as an agent of a Palestinian terrorist organization that is a designated FTO. The Department of Justice raises a concern with the transaction. The prospect that this transaction might implicate Exon-Florio causes Treasury to notify the investment group, telling them there are some national security concerns with the deal, and urging them to initiate the CFIUS process. This action results in the investigative target and his business colleagues being aware of the United States' investigative interest in them. The investor group invokes CFIUS, triggering the time frames.

From there, what standard would CFIUS use to determine whether the acquisition threatened national security? According to the GAO, the analysis would be whether the U.S. entity to be acquired possessed certain sensitive technologies or classified contracts - doubtful here - or specific derogatory intelligence about the foreign company. How would it undertake this analysis? It would be informed by information provided by the investment group. In this scenario, the derogatory information is limited to a single individual in the investor group, rather than to the investment group as a whole. Moreover, the activities of the individual investor might not justify the conclusion that the resulting controlling entity could engage in activities that threaten U.S. interests (as defined by CFIUS), particularly where the CFIUS process results in the negotiation of mitigation terms to guard against the type of threat with which CFIUS is most concerned (control of sensitive assets). The very process of negotiating the mitigation terms, however, gives the investor group and its membership greater insight into the nature of the U.S. concerns and the state of its intelligence and insight. Even if the negotiation succeeds in avoiding disclosure of the nature of the FBI's investigation, the CFIUS process has resulted in a transaction going through which will provide a source of financing for a terrorist group. The fact that it is illegal for the main investor to provide material support to the terrorist group he works for has failed to prevent a transaction designed to enrich the investor and the terrorist organization. Surely that cannot be right.

A second example of how CFIUS differs from other national security initiatives comes from our system of export controls. The system is divided in two parts: (1) the Arms Export Control Act, and regulations administered by the State Department, 22 U.S.C. § 2778, and (2) the Export Administration Regulations (EARs) administered by the Commerce Department, 15 C.F.R. § 730 et seq.

The purposes of the EARs are to further the national security, non-proliferation and counterterrorism goals of the United States. 15 C.F.R. § 742. An item is subject to the EARs if, inter alia, it is of U.S. origin (wherever located), or is in the U.S. (regardless of origin). 15 C.F.R. § 734.3. The regulations require a license to export or re-export items on the Commerce Control List (CCL) to certain countries. 15 C.F.R. § 736.2. In addition, it is illegal to export any item to countries against which there are general embargos. The CCL describes about four percent of the items in the U.S. economy, whereas the general embargo rules apply to all items (100 percent of the U.S. economy).

Under the EARs, certain types of exports are defined to include "any release of technology or source code subject to the EARs to a foreign national." Such release is deemed to be an export to the home country or countries of the foreign national, even if it occurs entirely within the U.S. The term "release" includes visual inspection by foreign nationals of U.S.-origin equipment and facilities, oral exchanges of information in the United States or abroad, or the application to situations abroad of personal knowledge or technical experience acquired in the United States. 15 C.F.R. § 734.2(b)(2)(ii). This is referred to as the "deemed export rule." It means that, for certain companies within the U.S. that employ foreign nationals, an export occurs simply by making certain items available to employees within the U.S.

Note that this rule - which imposes an affirmative obligation on a U.S.-based company to obtain the requisite license before making certain items available to certain U.S.-based employees - does not depend on whether the release would result in a threat to U.S. national security. That decision, in essence, has already been made, by virtue of the regulation.

The current way of implementing Exon-Florio does not embody this concept. However much a particular CFIUS decision includes considerations of EAR compliance, it will involve negotiations with foreign entities and an emphasis on a bottom-line concern of whether or not the resulting foreign controlling entity is in a position to do damage to U.S. national security. This seems aberrational where we have an export control regime that recognizes the mere release of an item within a U.S. workplace to be a security risk.

What is the answer to these problems?

Exon-Florio is an expression of what the President may affirmatively do where national security is threatened by certain foreign acquisitions, mergers, and takeovers of U.S. companies. Reliance on CFIUS to guide this authority is not required by statute. CFIUS existed prior to Exon-Florio, for an entirely different purpose. It was established in 1975. Exon-Florio was enacted in 1988.

How the private sector views the CFIUS process supports some of the shortcomings identified by the GAO: the emphasis on finding some way to push the acquisition -- already identified as potentially implicating U.S. national security -- forward within a specified time period. The CFIUS process, as currently practiced, places sensitive national security questions squarely where they do not belong: in direct negotiations by the United States with private lawyers representing foreign interests. In this context, a certain amount of disclosure is part of the game. This is perhaps the most perilous aspect of the current situation.

The problems identified by the GAO are inherently ones of culture: CFIUS is staffed by Treasury components devoted to a more open investment policy. The other government components involved in the Exon-Florio process who may be better versed in national security risk assessment - like Defense and Homeland Security - are outnumbered and outranked, particularly given the tight time frame that limits their ability to gather and analyze intelligence and to marshal support for their viewpoints. It is the customs and practice of CFIUS, rather than the statute itself, that seem to be responsible for the ineffectiveness identified by the GAO. This suggests that the solution can come short of legislative amendments.

Although the statute contains several factors that may be considered in determining whether a proposed transaction represents a threat to national security, it does not seem to limit Exon-Florio decisions to that list. That means that the statute could be implemented in a manner that is more sensitive to the post-9/11 security situation without any change in the statute. What is needed is an Executive Branch decision to change how Exon-Florio is implemented. Replacing or reorganizing CFIUS should be the first step in fixing the problem. If CFIUS was not involved in the current UAE port issue, and the role of implementing Exon-Florio fell on another inter-agency group, the blessing of the transaction might well have occurred. It is doubtful, however, whether the President and his national security advisors would have found themselves in such a struggle to defend what appears to be a terrible decision. Chances are, they would have been notified and consulted, rather than hearing about the problem from Congress and the media. More significantly, the President may have had an opportunity to exercise authority granted to him by Exon-Florio.

R.K. Joyad is the pen name of a national security lawyer in Washington, D.C.

[1] This narrow definition, according to the GAO, makes CFIUS unlikely to initiate a 45-day investigation when faced with proposed acquisitions for which Exon-Florio is invoked. While this may be true, the real danger is more far-reaching. By misinterpreting the term, even those cases that make their way to a 45-day investigation are unlikely to result in a decision to prevent the acquisition.

[2] Ronald D. Lee, "The Dog Doesn't Bark: CFIUS, The Guard Dog With Teeth," 8 M & A Lawyer 5 (February 2005).

